IBM SevOne Network Performance Management (NPM) vs Splunk Enterprise Security comparison


Comparison Buyer's Guide

Executive Summary

Categories and Ranking

IBM SevOne Network Performa...
Ranking in Log Management
Average Rating
Number of Reviews
Ranking in other categories
Network Monitoring Software (39th), Server Monitoring (16th), IT Infrastructure Monitoring (35th), Cloud Monitoring Software (28th)
Splunk Enterprise Security
Ranking in Log Management
Average Rating
Number of Reviews
Ranking in other categories
Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)

Mindshare comparison

As of June 2024, in the Log Management category, the mindshare of IBM SevOne Network Performance Management (NPM) is 0.4%, up from 0.2% compared to the previous year. The mindshare of Splunk Enterprise Security is 13.0%, down from 13.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
Unique Categories:
Network Monitoring Software
Server Monitoring
Security Information and Event Management (SIEM)
IT Operations Analytics

Featured Reviews

Aug 17, 2022
We can look at growth in particular values and combine them to see how they interact to improve our forecast accuracy
SevOne has rich API capabilities, giving us the flexibility to control what we collect and customize the collection, creation, and manipulation of metrics as necessary. Any solution can provide the out-of-the-box capability to collect SNMP. But the ability to combine various metrics and apply logical or mathematical operators to yield a new metric offers an enhancement we can't get with a vanilla solution. For instance, we're monitoring our network interfaces not only by utilization but also by QoS packet drops, so we know whether the network traffic is being impacted because the utilization's high. The data collection capabilities are pretty broad for time series data. The out-of-the-box capabilities are extensive in terms of anything that's not agent-based, SNMP collection, and AWS API integrations. You can also create your own integration with it and feed it deferred data. It'll take the data and process it the same way it does anything else. It automatically baselines every indicator that's collected. We can trigger anomaly-based or threshold-based alerts off the data. Everything's kept for up to a year with raw data. SevOne gives us real-time insights into network performance. Collection and visualization are almost immediate. There's no aggregation delay while it calculates things and rolls them up. It pretty much displays the data as you collect it. We trigger alarms off of important events and generate events up to our manager of managers, which creates incidents. We collect WiFi data in abundance down to individual stations that are connecting to our access points. That can be tracked throughout the day, so you can determine where a user's been connected in order to troubleshoot. You can identify the specific access point they're on. We pull in everything the cloud watch is collecting. We ingest it, display it, look at historical patterns, and do anomaly-based checks and threshold alerts on the data. The data collection is pretty broad in our case. In the former company that I worked for, we had 350 wireless controllers over 14,000 access points. They actually rewrote the collector for WiFi so that they could scale up and finish the collection within a polling cycle. They're also very responsive about updates and adapting the product to demand. SevOne's base dashboard which comes with the network performance management cluster is easy to use. It's easy to create graphs and leverage them, but there's a lot more power available underneath. If you understand the principles of grouping and creating custom indicators, you can take the product to advanced levels. The base out-of-the-box functionality is pretty easy to use. The data insights product that sits on top of it provides BI-type functionality. It's no harder or easier to use than other BI tools. It's designed to work with SevOne, so once the connection's been set up and you're pulling the data in, you apply the SevOne groups that you've already created. It's fairly easy to create reusable dashboards. Right now, we run probably about 180 dashboards that my team has customized for various groups. The device support is pretty extensive. SevOne has continued to expand device support since the IBM acquisition. I can certify a new device type within 10 business days. If there is a device that's not supported natively, you can collect the MIT files, do an SNMP walk on the device, and send that to SevOne. They'll return the appropriate drivers to install on my system to support it, so I can get the out-of-the-box building functionality out of it. I would say it's pretty extensive. It's vendor agnostic. As long as the vendor has SNMP, API, or some other means of collecting data, we can usually figure something out. It's quick and easy to set up reporting and get it running. Reporting is based on how you group devices together, so there's only so much you can do with SevOne's out-of-the-box reporting because they don't know your network. For instance, we have colo facilities separate from my various sites. I have manufacturing sites that are separated, so we group them together in reports. SevOne wouldn't have a way to know how to do that. So the reporting that's available quickly helps to get the job done, but there's more sophisticated reporting with a little bit of time you can develop that provides more value.
SathishKumar11 - PeerSpot reviewer
May 20, 2024
Helps reduce the alert volume, speeds up investigations, and detect threats faster
We use Splunk Enterprise Security to monitor our environment The threat intelligence and monitoring of Splunk are good.  We have integrated Splunk Enterprise Security with ServiceNow so whenever there is a detection it will automatically raise a ticket and send it to the appropriate team for…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:


"SevOne has rich API capabilities, giving us the flexibility to control what we collect and customize the collection, creation, and manipulation of now metrics as necessary."
"We find that the reporting is particularly valuable in terms of not only communicating with our peer teams but also with the executives."
"The automation feature is good because if your CMDB is OK and it is already in sync, then the automation part is good to go."
"Its ability to monitor practically any type of network device via SNMP is most valuable. This is the main functionality that we're using. If a network device exposes a metric, such as interface utilization, SevOne will monitor it for us."
"The modules and the performance management reports that come with data insights are two of the most valuable features. I also find the reports for Wi-Fi, Netflow, LAN, and WAN for monitoring to be very good."
"With this tool it is interesting to show the info to the client and explain where the traffic is."
"We have benefited mainly from the use of the dashboard interface. It makes the network visually interesting for other people who are not in the network. A lot of people are not network techies who understand streams in the network. Based on location, we have streams coming in and out. They can see visually when there is some problem. They don't need to understand all the network technology behind it to be able to understand if everything is working well or if there is a problem."
"Scalability. I have never had to worry about how to handle really big environments."
"Splunk Enterprise Security's dashboards are a key asset."
"The stock analysts and security people use one single dashboard (one single location) to check our logs."
"We are much faster finding and addressing issues with Splunk."
"The correlation searches are most valuable just because we are able to do things like RBA."
"The ability to manage large amounts of generated data and to protect all devices from unauthorized use are the most valuable features."
"The alerts are very effective."
"It has the ability to correlate data, analyze and review it."
"The Splunk user community and forum are most valuable."


"You need to plan integrations. That has been the biggest bug with SevOne so far. For the things that SevOne pulls directly, those are easy to understand, modify, and put into the database. For things that need to use the Universal Collector or xStats, you need to plan that stuff well in advance."
"The customizations are very hard. The person doing it has to be very good at analytics and has to be very good in all languages"
"The user management features need to be improved. It would be nice if we had more granular control, or layers of control, out of the box."
"I'm not really sure if this was the software's fault or a server issue, but a couple of years back the disks were failing on our SevOne physical server every month and the server would go down. The secondary server took over from the primary until the disk issue was resolved. That was annoying."
"The one area with room for improvement is probably administration. They added data insights to make a better user experience, but I'd like to see some improvements in the way the system's administered."
"The reporting of NMS is good, but it could be better."
"I would like to see live maps as an added feature. Also, build modules on AI and EML to provide better data insights that would proactively tell us what we should be looking after."
"There are some tweaks and enhancements that I've already requested. One is to be able to make changes per device rather than as a global setting. That has to do with naming. It's minor."
"The prices are complicated as we operate in a small third-world country."
"Its pricing is extremely high. There are other tools out in the market that are competitive. They do not necessarily have all the functionality, but they are competitive. The professional services we have used have been high as well in comparison to the market."
"The cluster environment should be improved. We have a cluster. In the Splunk cluster environment, in the case of heavy searches and heavy load, the Splunk cluster goes down, and we have to put it in the maintenance mode to get it back. We are not able to find the actual culprit for this issue. I know that cluster has RF and SF, but it has been down so many times. There should be something in Splunk to help users to find the reason and the solution for such issues."
"In terms of the interface, it could include some improvements for the look and feel."
"I would like Splunk to add more integration. QRadar has many indications with more products than Splunk."
"Sometimes the communication with support happens with multiple staff. They should reduce the time to resolution."
"While Splunk Enterprise Security offers valuable features, its cost is high and could be more competitive."
"The analytics of Splunk could be improved."

Pricing and Cost Advice

"The pricing has not evolved with the market, which is one of the reasons we are moving to a new product."
"There are different options available for licensing, with the per-device option being more expensive but more flexible."
"The pricing has been fair."
"Many tools price things based on the number of KPIs that you're collecting around a device. In many cases, there could be hundreds of metrics that you need to collect. SevOne provides device-level pricing. That gives us the flexibility to turn on, and expand on, the metrics that we're collecting around those devices, without taking a financial hit."
"It is inexpensive compared to other monitoring tools."
"For the value that you get from SevOne, it's worth the price. There are a lot of cheaper alternatives on the market, and even free options. But they require more staff, more resources, and engineers with more advanced knowledge of monitoring. That's what makes SevOne worth the price."
"A blocking point is the high upfront cost because it is challenging to get it accepted and the purchase approved."
"Although I don't have exact details in terms of cost, my experience has been that SevOne is willing to make a deal with the customer."
"While Splunk is more expensive than other solutions, we would still choose it because of its capabilities."
"In terms of pricing, I believe Splunk is unreasonably costly for the majority of mid and small-sized companies."
"While some clients find the cost of Splunk Enterprise Security to be on the higher end, its pricing is comparable to other SIEM solutions."
"It is a bit costly."
"Its price is fair. Like with anything else, if you go into the cloud, different providers cost more, and you are able to throttle back or throttle up. The cost is comparable with anything else."
"Splunk is definitely not a cheap solution. It is an expensive product."
"In addition to the licensing fee, there is also a support and maintenance charge."
"The price can always be lower, but it is fair at the moment. The cost efficiencies depend on the licensing and how much data we are bringing in. We have a fairly large footprint, so it is cost-effective."
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
787,817 professionals have used our research since 2012.

Comparison Review

Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…

Top Industries

By visitors reading reviews
Computer Software Company
Financial Services Firm
Manufacturing Company
Financial Services Firm
Computer Software Company
Manufacturing Company

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business

Questions from the Community

What do you like most about SevOne Network Data Platform?
I like the tool’s scalability and real-time reports. Earlier, we struggled to give real-time reports to clients. I also like the tool’s deployment model where we can deploy it either on-premises or...
What is your experience regarding pricing and costs for SevOne Network Data Platform?
The tool is not expensive. We were able to negotiate with SevOne on pricing.
What needs improvement with SevOne Network Data Platform?
SevOne could improve its flexibility because it isn't fully customizable and its out-of-the-box configuration doesn't cover all use cases.
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...

Also Known As

No data available

Learn More




Sample Customers

ATOS, Devereux, Spark New Zealand, Access4, Rogers Communication, Lumen (formerly known as CenturyLink)
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about IBM SevOne Network Performance Management (NPM) vs. Splunk Enterprise Security and other solutions. Updated: June 2024.
787,817 professionals have used our research since 2012.